What is already in place
TvRMM already publishes its security model, responsible disclosure path, subprocessor list, DPA, retention policy, and customer-facing support boundaries. The initial SOC 2-aligned governance baseline was approved on 2026-07-01, covering system scope, policy set, control mapping, readiness mapping, and control ownership.
What we are collecting now
Operating evidence collection remains in progress. The next milestones are access-review evidence, CI and change-management evidence, backup and restore-test evidence, critical-vendor review evidence, tenant-isolation evidence, and incident-response exercise evidence.
What customers should expect next
As redacted evidence summaries are reviewed and approved for publication, this page will grow into a public trust center with clearer control status and a documented path toward third-party readiness review.